Regular Contributor

I'm interested in implementing the Server 2019 security baselines.


How do you manage the Server 2019 Domain Controller baseline? The Local Policies/User Rights Assignment and Local Policies/Security Options are very different from the DDCP (Default Domain Controller Policy).


Do you merge it with the DDCP? Or do you add the baseline GPO to the Domain Controllers OU with a higher link order?


What's the best practice here?